CLAIMS 

What is claimed is: 

1 . A method of providing data from a service to a client over a telecommunication 
network based on encryption capabilities of the cHent, the method comprising the computer- 
implemented steps of: 

receiving from the client a request for data and a Kst of encryption types representing 

encryption capabilities that are available at the client; 
selecting a service that can provide the data to the cUent, based on matching the Ust of 

encryption types received from the client to a mapping of encryption types to 

available services; and 
causing communication of the data from the selected service to the client. 

2. A method as recited in Claim 1 , further comprising the step of estabhshing a secure 
connection with the client, and wherein the receiving step is carried out as part of the 
establishing step. 

3. A method as recited in Claim 1 , further comprising the step of estabhshing a secure 
connection with the client, and wherein the receiving step is carried out as part of the 
estabhshing step, wherein the secure connection is established using a security protocol 
selected from among the set consisting of SSL, PPTP, SSH, and IPSec. 
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1 4. A method as recited in Claim 9, further comprising the step of establishing a secure 

2 connection with the client, and wherein the receiving step is carried out as part of the 

3 establishing step, wherein the step of establishing the secure connection further comprises the 

4 step of estabHshing the secure connection with the client using a cipher suite match. 

1 5. The method as recited in Claim 1 , further comprising the step of establishing a secure 

2 connection with the client, and wherein the receiving step is carried out as part of tiie 

3 establishing step, and further comprising the step of disconnecting the secure connection and 
; 4 reestablishing the secure connection using a cipher suite match. 

. g 1 6. The method as recited in Claim 1 , wherein the ordered mapping of encryption types to 

\^ 2 services is an ordered mapping of cipher suites to services. 

a 
ry 

1 7. The method as recited in Claim 1 , further comprising the steps of receiving a weight 

i;ig 

2 value for one or more of the encryption types, and ordering the mapping of encryption types 

ri 

3 to services based on the received weight values. 

1 8. A method as recited in Claim 1 , wherein the encryption type is a cipher suite match. 

1 9. A method as recited in Claim 1 , wherein the step of determining the service fiirther 

2 comprises the steps of: 

3 determining an encryption type match by finding a first common encryption type in 

4 the list of encryption types and the mapping of encryption types to services; 
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5 transmitting the encryption type match to the client; 

6 selecting a service associated with the encryption type match; 

7 selecting a server farm based on the service; and 

8 selecting a particular server in the server farm to provide the data to the client. 

1 10. A method as recited in Claim 1 , wherein the step of causing communication further 



2 comprises the step of establishing a connection with a non-encrypted protocol for use in 

3 conmiunicating a request to the selected service to cause communication of the data from the 

4 selected service to the client. 

□ 

^4 1 12. A method as recited in Claim 1 , wherein the mapping of encryption types to services 

: jS 2 is stored in an SSL termination module. 

[jff 

Mfi 

^3 1 13. A method of providing data associated with a service to a client over a 

- '?ti 

2 telecommunication network based on SSL encryption capabilities of the client, the method 

p 3 coitiprising the conaputer-irnpleniented steps of: 

4 creating and storing, at an SSL termination device, a mapping tfiat associates cipher 

5 suites that are supported by the SSL termination device with services that are 

6 accessible through the SSL termination device; 

7 receiving from the client as part of an SSL handshake phase message, a request for 

8 data and a list of cipher suites that are available at the client; 

9 matching the cipher suite list received from the client to the mapping to result in 

1 0 identifying at least one cipher suite in common between the cipher suite list 

1 1 ^d the mapping; 
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12 identifying, from the mapping, a service corresponding to the cipher suite in common; 

13 and 

14 causing communication of the data from the selected service to the client over an SSL 

1 5 connection using encryption parameters as defined in the cipher suite in 

16 common. 



1 14. A method of providing data from a service to a client based on encryption capabilities 

2 of the client, the method comprising the computer-implemented steps of: 

3 transmitting to an endpoint a request for data and an ordered list of encryption types 
Q 4 tiiat correspond to encryption types that are available at the client; 

''4 5 receiving from the endpoint an encryption type; and 

: | 6 receiving data that con^sponds to the request from the service that is sd 

'Si 7 on the encryption type. 

m . 

m 

J;3 1 15. A method as recited in Claim 14, further comprising the step of establishing a secure 

2^ 2 connection between the client and the endpoint, wherein the secure connection is established 

m 

3 using a security protocol consisting of SSL, PPTP, SSH, and IPSec. 



1 16. A method as recited in Claim 1 5, wherein the step of estabUshing the secure 

2 connection further comprises the step of establishing the secure connection between the client 

3 and the endpoint using a cipher suite match. 

1 17. The method as recited in Claim 1 5, further comprising the step of disconnecting the 

2 secure connection and reestablishing the secure connection using a cipher suite match. 
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1 18. The method as recited in Claim 1 5, wherein the endpoint is a SSL termination device. 

1 19. The method as recited in Claim 1 5, wherein the ordered list of encryption types is an 

2 ordered list of cipher suites. 

1 20. A method as recited in Claim 1 9, wherein the encryption tj^e is a cipher suite match. 

1 21 . A computer-readable medium carrying one or more sequraces of instructions for 

2 providing data from a service to a client based on encryption capabiHties of the client, which 

3 mstructions, when executed by one or more processors, cause the one or more processors to 
' 4 carry out the steps of: 

5 transmitting to an endpoint a request for data and an ordered list of encryption types 

i; 5 6 that correspond to encryption types that are available at the client; 

t;^ 7 receiving from the endpoint an encryption type; and 

L 3 8 receiving data that corresponds to the request from the service that is selected based 

ry 

9 on the encryption type. 

1 22. A computer-readable medium carrying one or more sequences of instructions for 

2 providing data from a service to a client based on encryption capabilities of the client, which 

3 instructions, when executed by one or more processors, cause the one or more processors to 

4 carry out the steps of: 

5 receiving from the cUent a request for data and a Ust of encryption types representing 

6 encryption capabilities that are available at the client; 
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7 selecting a service fliat can provide the data to the client, based on matching the list of 

8 encryption types received from the client to a mapping of encryption types to 

9 available services; and 

10 causing communication of the data from the selected service to the client. 

1 23. An apparatus for providing data from a service to a client based on encryption 

2 capabilities of the client, comprising: 

3 means for transmitting to an endpoint a request for data and an ordered list of 

4 encryption types that correspond to encryption types that are available at the 

5 client; 

6 means for receiving from the endpoint an encryption type; and 

7 means for receiving data that corresponds to the request from the service that is 

8 selected based on the encryption type. 

1 24. An apparatus for providing data from a service to a client based on encryption 

2 capabilities of the client, comprising: 

3 a network interface that is coupled to a data network for receiving one or more packet 

4 flows therefrom; 

5 a processor; 

6 one or more stored sequences of instructions which, when executed by the processor, 

7 cause the processor to carry out the steps of: 

8 transmitting to an endpoint a request for data and an ordered list of encryption 

9 types tiiat correspond to encryption types that are available at the client; 
10 receiving from the endpoint an encryption type; and 
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1 1 receiving data that corresponds to the request from the service that is selected based 

12 on the encryption type. 



1 25, An apparatus for providing data from a service to a client based on encryption 

2 capabilities of the client, comprising: 

3 means for receiving from the cHent a request for data and a list of encryption types 

4 representing encryption capabilities that are available at the client; 

5 means for selecting a service that can provide the data to the client, based on 

6 matching tihie list of encryption types received from the client to a mapping of 

r*| 7 encryption types to available services; and 

Q 

\l 8 means for causing communication of the data from the selected service to the cUent. 

yf| 1 26. An apparatus for providing data from a service to a client based on encryption 

CI 2 capabilities of the client, comprising: 

s 

3 a network interface that is coupled to a data network for receiving one or more packet 

''i^ 4 flows therefrom; 



5 a processor; 

6 one or more stored sequences of instructions which, when executed by the processor, 

7 cause the processor to carry out the steps of: 

8 receiving from the cUent a request for data and mi ordered list of encryption 

9 types; 

10 determining a particular server to retrieve the data based on the ordered list of 

1 1 encryption types and an ordered mapping of encryption types to services; and 

1 2 causing communication of the data from the particular server to the client 
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1 27. A method of providing data from a service to a client based on encryption capabilities 

2 of the client, the method comprising the computer-implemented steps of: 

3 receiving an ordered list of cipher suites that corresponds to cipher suites available to 

4 a client; 

5 establishing an SSL connection with an SSL termination module; 

6 transmitting to the SSL termination module a request for data and the ordered list of 

7 cipher suites; 

8 receiving from the SSL termination module a cipher suite match 

Q 9 estabHshing an new SSL connection with the SSL termination module using the 

Q 

hI 10 cipher suite match; and 

P 1 1 receiving data that corresponds to Ihe request 

^ 12 wherein the data is retrieved from a service that is selected based on the cipher suite 

[if J 13 match. 

m 

J;f| 1 28. A method of providing data from a service to a client based on encryption capabilities 

ill 

2 of the client, the method comprising the computer-implemented steps of: 

3 receiving an ordered mapping of cipher suite names to services; 

4 receiving from the elicit a request for data and an ordered list of cipher suites; 

5 determining a cipher suite match by selecting a first common cipher suite in the 

6 ordered list of cipher suites and the ordered mapping of cipher suite names to 

7 services; 

8 transmitting tiie cipher suite match to the client; 

9 selecting the service associated with the cipher suite match; 
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1 0 selecting a serv^ farm based on the service; 

1 1 selecting a particular server in the server farm to provide the data to the client; and 

1 2 transmitting Ihe data to the client. 
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